Google's public disclosure of a vulnerability in the Android version of Epic Games Inc.'s popular title "Fortnite Battle Royale" sparked a feud between the two companies.

Earlier this summer, Epic Games announced it would sell the Android version of Fortnite directly to customers instead of offering it through the Google Play Store, which led several infosec experts to express concerns about sideloading apps on the platform. However, a Fortnite flaw was discovered by a Google employee soon after the Android version officially launched.

Epic quickly patched the Fortnite flaw and requested that Google withhold the vulnerability disclosure for 90 days so that customers could have more time to update their apps. However, Google declined and cited its official disclosure policy, which states that a vulnerability will be made public seven days after a patch is released.

Google's decision led to heavy criticism from Epic CEO Tim Sweeney, while others in the technology industry accused Google researchers of targeting Fortnite because its owner had shunned the Google Play Store.

Should Google have given Epic more time before disclosing the Fortnite flaw? Was Epic right to bypass the Google Play Store? Should Epic have taken more responsibility for launching a flawed Fortnite installer in the first place? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Who is ultimately to blame for the flawed Fortnite installer situation, and why?

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.